Changing/changed ISPs and DNS forwarders did not work

  • Question

  • Hey guys, I searched for some related post but didn't have any luck. So I apologize in advance if this is a repeat question. 

    First off I should probably point out how our network is set up. We are a small network of about 30 users. I have a 2003 Server running Small Business Server which is the main server for the site. This handles our DHCP, DNS, and Active Directory. We also have a Sonicwall firewall that sits between us and the outside world. 

    So, as it sits right now, everything is working fine. I can ping internal PCs by IP and name, and can resolve anything outside of our network (I am guessing) by using the Forwarders in DNS. The DNS forwarder has our ISP's DNS server listed. About a week ago, I tried to change from our current ISP to a new one and got all kinds of problems. Internally, everything was fine, but I was not able to resolve any external IPs.

    I am thinking that the DNS server was going off cached DNS and tried to use our old ISP's DNS but I didn't know how to force it to use the new entries. I could be totally incorrect in assuming this though. I tried everything I could think of to refresh DNS on the server and on the clients to get it to work with no luck. 

    Any help would be greatly appreciated. 


    Wednesday, November 17, 2010 11:59 PM

Answers

  • As long as the IPs you listed were correct in the Forwarders tab, it should have worked as expected.  There is no cache related to the previous ISP you were using for forwarding.  Your DNS server does hold a cache for records that have been resolved.  They purge as the record's TTL expires.  However, if you turn on the advanced settings in the DNS admin console, you can right click the Cache folder and purge the records at any time if you feel the need to do so.

    I would go back and validate that the IP(s) you were trying to forward to were correct.  In addition, since you mentioned a firewall, make sure that the new IPs are allowed as a destination source for outbound DNS traffic.  Otherwise, it may have just been that your firewall was blocking the traffic.



    Visit: anITKB.com, an IT Knowledge Base.
    Thursday, November 18, 2010 12:23 AM
  • You do not have to use any particular DNS service. As a test try an independent DNS service like 4.2.2.2.
    Bill
    Thursday, November 18, 2010 12:49 AM

All replies

  • How do I find out what the TTL is? Is it possible that this TTL is days and not hours/minutes?

    I am pretty sure that the ISP info was correct as I was able to plug a test computer directly into the ISP hardware and get it to work. I also have another DHCP server running on the firewall and that network was working as well. But I had it pointing directly to the new ISP IPs.

    If the TTL is not an issue it may be that you are correct when you mention the firewall. I will double check to make sure these settings are correct. 

    Thanks!

    Thursday, November 18, 2010 1:11 AM
  • Bill, thanks for that idea. So, I can make 4.2.2.2 my primary forwarder IP now and then it shouldn't matter when I change ISPs? That would rule out the DNS server not working correctly and point to the firewall if I understand this correctly.
    Thursday, November 18, 2010 1:14 AM
  • Actually every DNS record your DNS server queries has its own TTL (time to live).  This has nothing to do with your ISP.

    With regard to using 4.2.2.2, yes, that is an open DNS server on the internet (managed by Level3).  It is also a good idea to use a second forwarder as well.  For instance, 4.2.2.3 is another Level 3 DNS server you can use as the secondary forwarder.



    Visit: anITKB.com, an IT Knowledge Base.
    Thursday, November 18, 2010 3:03 AM
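The replies above boil down to two checks: whether the candidate forwarder actually answers from the DNS server's network (a timeout points at the firewall, not the cache) and what the TTL on the records it returns is. This added example (not from the thread or from Microsoft) sends one raw UDP query straight to a forwarder IP and reads the TTL of each answer; the sample response bytes are constructed and 192.0.2.1 is a documentation address, not a real record.

```python
import socket
import struct

def build_query(name, txn_id=0x1234):
    """Minimal DNS A query for `name` with the recursion-desired bit set."""
    header = struct.pack(">HHHHHH", txn_id, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.strip(".").split("."))
    return header + labels + b"\x00" + struct.pack(">HH", 1, 1)

def skip_name(data, off):
    """Offset just past a (possibly compressed) domain name starting at `off`."""
    while True:
        ln = data[off]
        if ln & 0xC0 == 0xC0:   # 2-byte compression pointer terminates the name
            return off + 2
        if ln == 0:
            return off + 1
        off += 1 + ln

def parse_ttls(data):
    """Return [(rr_type, ttl_seconds)] for each answer RR; [] on error RCODE."""
    _, flags, qd, an, _, _ = struct.unpack(">HHHHHH", data[:12])
    if flags & 0x000F:          # non-zero RCODE: SERVFAIL, NXDOMAIN, REFUSED...
        return []
    off = 12
    for _ in range(qd):         # skip the echoed question section
        off = skip_name(data, off) + 4
    ttls = []
    for _ in range(an):
        off = skip_name(data, off)
        rtype, _, ttl, rdlen = struct.unpack(">HHIH", data[off:off + 10])
        ttls.append((rtype, ttl))
        off += 10 + rdlen
    return ttls

def probe_forwarder(ip, name="example.com", timeout=3.0):
    """Query a forwarder directly; None on timeout (what a blocking firewall looks like)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    try:
        s.sendto(build_query(name), (ip, 53))
        data, _ = s.recvfrom(512)
        return parse_ttls(data)
    except socket.timeout:
        return None
    finally:
        s.close()

# Constructed sample response (not a capture): A record for example.com, TTL 86400 s.
SAMPLE_RESPONSE = (struct.pack(">HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
                   + b"\x07example\x03com\x00" + struct.pack(">HH", 1, 1)
                   + b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 86400, 4) + bytes([192, 0, 2, 1]))
```

Run `probe_forwarder()` from the DNS server itself against both the old and the new ISP resolver (or 4.2.2.2): a timeout from the new one while the old one answers means the outbound rule on the Sonicwall, not a stale cache, is the problem.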